Cookie Monsters

Laptop and Cookie Plate

Do you like cookies? I’m not talking about the kind of cookies you eat. I’m talking about browser cookies — those little pieces of data sent from a website and stored in your browser. While they’re often necessary for keeping track of useful information that helps create a good user experience, they can also be used to track users, which is sometimes cause for concern.

Recently, I became curious to find out how many cookies some of the most popular websites create for a single user. So I decided to test the top 10 most visited websites.

Some Background on Cookies

Websites use cookies to do things like keeping track of your movements within their site. They help you pick up where you last left off, often remembering things such as login information (the main use of authentication cookies), language preferences, and other settings. They’re very useful, especially for large sites that have lots of moving parts and settings. Without them, most sites would suffer from clunky user experiences, where users would be forced to re-do menial tasks like logging in, saving their language, etc. They usually don’t contain a whole lot of information, and as such, they generally can’t be used to reveal any PII (personally identifying information).

While most cookies are generally harmless, there are some that have raised privacy concerns. Tracking cookies, for example, are cookies that are commonly used to compile records of a user’s movements and browsing history. Some cookies can also store information such as passwords and other sensitive data like credit card numbers or addresses. And without proper encrypting and security measures, these types of cookies could prove to be a liability if they aren’t properly handled or fall into the wrong hands.

Want to learn more about cookies? There is a lot of information out there, including a pretty decent overview of cookies on Wikipedia that you can read if you so desire.

Like I said, I recently became curious to find out how many cookies some of the most popular websites create for a single user. So I decided to visit each of the top 10 most visited websites to see how many cookies were placed in my browser as the result of one simple action: Logging in.

To do this test, I opened my browser (Firefox, if you’re curious) and deleted everything. Cache, cookies, passwords…everything. Then I went to each site and logged in (when available). After logging in, I checked to see how many cookies each site placed in my browser, just from logging in. Here are the results:

Number of Cookies Used on the Top 10 Websites of 2013

Understanding the Results

I’m not sure about you, but the number of cookies these sites use is a bit of a surprise to me — specifically the sites that have more than 20-30 cookies. I mean, I know there are very useful purposes for cookies that help create a better user experience, but in my mind, creating more than 20 cookies after nothing but a user logging in seems a bit excessive.

Again, most cookies used by websites are used for creating better user experiences, not for anything harmful or intrusive. But it’s worth noting that 7 of these 10 websites place a DoubleClick cookie, and 5 out of 10 place one from Scorecard Research — both used for tracking user visitation/behavior, and in the case of DoubleClick, to provide more relevant advertising to users.

These tracking cookies aren’t necessarily all bad, as they both claim to not store any PII in their cookies. They are also both highly rated in regards to privacy scores. But they can still be used to track your movements on certain sites and learn your behaviors and patterns. And in my humble opinion, there is always a possibility of tying these cookies to a specific person, even if the cookies themselves don’t contain any PII. After all, Google’s Privacy Policy states that they can associate your unique device identifier with your account. And if your device’s browser contains a DoubleClick cookie, it stands to reason that there is sufficient data available to use that cookie to track and store things like your individual browsing history, patterns and behaviors — even if the cookie itself doesn’t contain any PII.

Also worth noting is the fact that for certain sites and their cookies (e.g. social sites), those sites can receive data when you use a website that merely uses their services, such as social plugins and widgets. But that’s a topic for a whole other post…

Tip: If you’re interested in opting out of some of the aforementioned tracking cookies, you can opt-out of interest-based ads on Google, download the advertising cookie opt-out plugin for your web browser (Chrome, Firefox, and IE), and/or opt-out of ScorecardResearch’s web tagging market research.

Featured photo: “Peanut Butter Cookies” by Greg Hirson

One Response to this post:

Leave a Comment